Accepting request 719471 from Base:System
OBS-URL: https://build.opensuse.org/request/show/719471 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=33
This commit is contained in:
commit
bc90d78307
@ -69,9 +69,9 @@ if ! test -f shadow-login_defs-check-build/stamp ; then
|
||||
patch <<EOF
|
||||
--- shadow.spec
|
||||
+++ shadow.spec
|
||||
@@ -131,1 +131,1 @@
|
||||
-make
|
||||
+make V=1 -k CPPFLAGS="-E"
|
||||
@@ -133,1 +133,1 @@
|
||||
-make %{?_smp_mflags} V=1
|
||||
+make %{?_smp_mflags} V=1 -k CPPFLAGS="-E"
|
||||
EOF
|
||||
fi
|
||||
|
||||
@ -99,7 +99,7 @@ cd shadow-login_defs-check-build/shadow-*
|
||||
|
||||
echo "Extracting variables from etc/login.defs..."
|
||||
# Extract variables referenced in login.defs, both active and commented out.
|
||||
sed -n "s/^#//;s/\([A-Z0-9_]*\)[[:space:]].*$/\1/p" <etc/login.defs | sed '/^$/d' | uniq | sed '/^$/d' >../../shadow-login_defs-check-login_defs.lst
|
||||
sed -n "s/^#//;s/\([A-Z0-9_]*\)\([[:space:]].*\|\)$/\1/p" <etc/login.defs | sed '/^$/d' | uniq | sed '/^$/d' >../../shadow-login_defs-check-login_defs.lst
|
||||
LC_ALL=C sort -u ../../shadow-login_defs-check-login_defs.lst >../../shadow-login_defs-check-login_defs-sorted.lst
|
||||
|
||||
echo "Extracting variables from lib/getdef.c..."
|
||||
|
@ -13,7 +13,23 @@ Index: etc/login.defs
|
||||
|
||||
#
|
||||
# Delay in seconds before being allowed another attempt after a login failure
|
||||
@@ -79,11 +77,14 @@ ENV_PATH /bin:/usr/bin
|
||||
@@ -32,6 +30,15 @@ CONSOLE /etc/securetty
|
||||
#CONSOLE console:tty01:tty02:tty03:tty04
|
||||
|
||||
#
|
||||
+# Limit the highest user ID number for which the lastlog entries should
|
||||
+# be updated.
|
||||
+#
|
||||
+# No LASTLOG_UID_MAX means that there is no user ID limit for writing
|
||||
+# lastlog entries.
|
||||
+#
|
||||
+#LASTLOG_UID_MAX
|
||||
+
|
||||
+#
|
||||
# If defined, all su(1) activity is logged to this file.
|
||||
#
|
||||
#SULOG_FILE /var/log/sulog
|
||||
@@ -79,11 +86,14 @@ ENV_PATH /bin:/usr/bin
|
||||
ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/bin
|
||||
#ENV_SUPATH /sbin:/bin:/usr/sbin:/usr/bin
|
||||
|
||||
@ -30,7 +46,7 @@ Index: etc/login.defs
|
||||
ALWAYS_SET_PATH no
|
||||
|
||||
#
|
||||
@@ -123,6 +124,11 @@ PASS_WARN_AGE 7
|
||||
@@ -123,6 +133,11 @@ PASS_WARN_AGE 7
|
||||
#
|
||||
# Min/max values for automatic uid selection in useradd(8)
|
||||
#
|
||||
@ -42,7 +58,7 @@ Index: etc/login.defs
|
||||
UID_MIN 1000
|
||||
UID_MAX 60000
|
||||
# System accounts
|
||||
@@ -136,6 +142,11 @@ SUB_UID_COUNT 65536
|
||||
@@ -136,6 +151,11 @@ SUB_UID_COUNT 65536
|
||||
#
|
||||
# Min/max values for automatic gid selection in groupadd(8)
|
||||
#
|
||||
@ -54,7 +70,7 @@ Index: etc/login.defs
|
||||
GID_MIN 1000
|
||||
GID_MAX 60000
|
||||
# System accounts
|
||||
@@ -165,7 +176,6 @@ LOGIN_TIMEOUT 60
|
||||
@@ -165,7 +185,6 @@ LOGIN_TIMEOUT 60
|
||||
CHFN_RESTRICT rwh
|
||||
|
||||
#
|
||||
@ -62,7 +78,7 @@ Index: etc/login.defs
|
||||
# If set to "yes", new passwords will be encrypted using the MD5-based
|
||||
# algorithm compatible with the one used by recent releases of FreeBSD.
|
||||
# It supports passwords of unlimited length and longer salt strings.
|
||||
@@ -180,7 +190,6 @@ CHFN_RESTRICT rwh
|
||||
@@ -180,7 +199,6 @@ CHFN_RESTRICT rwh
|
||||
#MD5_CRYPT_ENAB no
|
||||
|
||||
#
|
||||
@ -70,18 +86,14 @@ Index: etc/login.defs
|
||||
# If set to MD5, MD5-based algorithm will be used for encrypting password
|
||||
# If set to SHA256, SHA256-based algorithm will be used for encrypting password
|
||||
# If set to SHA512, SHA512-based algorithm will be used for encrypting password
|
||||
@@ -196,6 +205,14 @@ CHFN_RESTRICT rwh
|
||||
#ENCRYPT_METHOD_NIS DES
|
||||
@@ -208,8 +226,8 @@ CHFN_RESTRICT rwh
|
||||
# If only one of the MIN or MAX values is set, then this value will be used.
|
||||
# If MIN > MAX, the highest value will be used.
|
||||
#
|
||||
-# SHA_CRYPT_MIN_ROUNDS 5000
|
||||
-# SHA_CRYPT_MAX_ROUNDS 5000
|
||||
+#SHA_CRYPT_MIN_ROUNDS 5000
|
||||
+#SHA_CRYPT_MAX_ROUNDS 5000
|
||||
|
||||
#
|
||||
+# Number of rounds for salt.
|
||||
+# Default values:
|
||||
+# Minimum number of rounds.
|
||||
+#SHA_CRYPT_MIN_ROUNDS 1000
|
||||
+# Maximum number of rounds.
|
||||
+#SHA_CRYPT_MAX_ROUNDS 999999999
|
||||
+
|
||||
+#
|
||||
# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
|
||||
#
|
||||
# Define the number of SHA rounds.
|
||||
# Should login be allowed if we can't cd to the home directory?
|
||||
|
@ -14,7 +14,7 @@ Index: etc/login.defs
|
||||
|
||||
#
|
||||
# Delay in seconds before being allowed another attempt after a login failure
|
||||
@@ -38,8 +41,7 @@ CONSOLE /etc/securetty
|
||||
@@ -47,8 +50,7 @@ CONSOLE /etc/securetty
|
||||
# If defined, ":" delimited list of "message of the day" files to
|
||||
# be displayed upon login.
|
||||
#
|
||||
@ -24,7 +24,7 @@ Index: etc/login.defs
|
||||
|
||||
#
|
||||
# If defined, file which maps tty line to TERM environment parameter.
|
||||
@@ -53,8 +55,8 @@ MOTD_FILE /etc/motd
|
||||
@@ -62,8 +64,8 @@ MOTD_FILE /etc/motd
|
||||
# user's name or shell are found in the file. If not a full pathname, then
|
||||
# hushed mode will be enabled if the file exists in the user's home directory.
|
||||
#
|
||||
@ -35,7 +35,7 @@ Index: etc/login.defs
|
||||
|
||||
# If this variable is set to "yes", hostname will be suppressed in the
|
||||
# login: prompt.
|
||||
@@ -73,9 +75,9 @@ HUSHLOGIN_FILE .hushlogin
|
||||
@@ -82,9 +84,9 @@ HUSHLOGIN_FILE .hushlogin
|
||||
# ENV_SUPATH is an ENV_ROOTPATH override for su and runuser
|
||||
# (and falback for login).
|
||||
#
|
||||
@ -48,7 +48,16 @@ Index: etc/login.defs
|
||||
|
||||
# If this variable is set to "yes" (default is "no"), su will always set
|
||||
# path. every su call will overwrite the PATH variable.
|
||||
@@ -99,7 +101,7 @@ ALWAYS_SET_PATH no
|
||||
@@ -94,7 +96,7 @@ ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/b
|
||||
# The recommended value is "yes". The default "no" behavior could have
|
||||
# a security implication in applications that use commands without path.
|
||||
#
|
||||
-ALWAYS_SET_PATH no
|
||||
+ALWAYS_SET_PATH yes
|
||||
|
||||
#
|
||||
# Terminal permissions
|
||||
@@ -108,7 +110,7 @@ ALWAYS_SET_PATH no
|
||||
# set TTYPERM to either 622 or 600.
|
||||
#
|
||||
TTYGROUP tty
|
||||
@ -57,7 +66,7 @@ Index: etc/login.defs
|
||||
|
||||
# Default initial "umask" value used by login(1) on non-PAM enabled systems.
|
||||
# Default "umask" value for pam_umask(8) on PAM enabled systems.
|
||||
@@ -132,8 +134,8 @@ PASS_WARN_AGE 7
|
||||
@@ -141,8 +143,8 @@ PASS_WARN_AGE 7
|
||||
UID_MIN 1000
|
||||
UID_MAX 60000
|
||||
# System accounts
|
||||
@ -68,7 +77,7 @@ Index: etc/login.defs
|
||||
# Extra per user uids
|
||||
SUB_UID_MIN 100000
|
||||
SUB_UID_MAX 600100000
|
||||
@@ -150,8 +152,8 @@ SUB_UID_COUNT 65536
|
||||
@@ -159,8 +161,8 @@ SUB_UID_COUNT 65536
|
||||
GID_MIN 1000
|
||||
GID_MAX 60000
|
||||
# System accounts
|
||||
@ -79,7 +88,7 @@ Index: etc/login.defs
|
||||
# Extra per user group ids
|
||||
SUB_GID_MIN 100000
|
||||
SUB_GID_MAX 600100000
|
||||
@@ -160,7 +162,7 @@ SUB_GID_COUNT 65536
|
||||
@@ -169,7 +171,7 @@ SUB_GID_COUNT 65536
|
||||
#
|
||||
# Max number of login(1) retries if password is bad
|
||||
#
|
||||
@ -88,7 +97,7 @@ Index: etc/login.defs
|
||||
|
||||
#
|
||||
# Max time in seconds for login(1)
|
||||
@@ -176,18 +178,9 @@ LOGIN_TIMEOUT 60
|
||||
@@ -185,18 +187,9 @@ LOGIN_TIMEOUT 60
|
||||
CHFN_RESTRICT rwh
|
||||
|
||||
#
|
||||
@ -109,7 +118,7 @@ Index: etc/login.defs
|
||||
|
||||
#
|
||||
# If set to MD5, MD5-based algorithm will be used for encrypting password
|
||||
@@ -201,8 +194,8 @@ CHFN_RESTRICT rwh
|
||||
@@ -210,8 +203,8 @@ CHFN_RESTRICT rwh
|
||||
# Note: If you use PAM, it is recommended to use a value consistent with
|
||||
# the PAM modules configuration.
|
||||
#
|
||||
@ -119,8 +128,8 @@ Index: etc/login.defs
|
||||
+ENCRYPT_METHOD_NIS DES
|
||||
|
||||
#
|
||||
# Number of rounds for salt.
|
||||
@@ -271,7 +264,7 @@ USERDEL_POSTCMD /usr/sbin/userde
|
||||
# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
|
||||
@@ -272,7 +265,7 @@ USERDEL_POSTCMD /usr/sbin/userde
|
||||
#
|
||||
# This also enables userdel(8) to remove user groups if no members exist.
|
||||
#
|
||||
@ -129,7 +138,7 @@ Index: etc/login.defs
|
||||
|
||||
#
|
||||
# If set to a non-zero number, the shadow utilities will make sure that
|
||||
@@ -290,13 +283,13 @@ USERGROUPS_ENAB yes
|
||||
@@ -291,13 +284,13 @@ USERGROUPS_ENAB yes
|
||||
# This option is overridden with the -M or -m flags on the useradd(8)
|
||||
# command-line.
|
||||
#
|
||||
|
28
shadow-usermod-variable.patch
Normal file
28
shadow-usermod-variable.patch
Normal file
@ -0,0 +1,28 @@
|
||||
From fc0ed79e5d700b4a730235fe88e60951717edc6e Mon Sep 17 00:00:00 2001
|
||||
From: Stanislav Brabec <sbrabec@suse.cz>
|
||||
Date: Fri, 26 Jul 2019 21:39:42 +0200
|
||||
Subject: [PATCH] usermod.c: Fix invalid variable name
|
||||
|
||||
Fix invalid LASTLOG_MAX_UID variable name to correct LASTLOG_UID_MAX.
|
||||
|
||||
Signed-off-by: Stanislav Brabec <sbrabec@suse.cz>
|
||||
---
|
||||
src/usermod.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/usermod.c b/src/usermod.c
|
||||
index c3718864..0ae50e34 100644
|
||||
--- a/src/usermod.c
|
||||
+++ b/src/usermod.c
|
||||
@@ -1879,7 +1879,7 @@ static void update_lastlog (void)
|
||||
return;
|
||||
}
|
||||
|
||||
- max_uid = (uid_t) getdef_ulong ("LASTLOG_MAX_UID", 0xFFFFFFFFUL);
|
||||
+ max_uid = (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL);
|
||||
if (user_newid > max_uid) {
|
||||
/* do not touch lastlog for large uids */
|
||||
return;
|
||||
--
|
||||
2.22.0
|
||||
|
@ -1,3 +1,31 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Jul 26 23:44:56 CEST 2019 - sbrabec@suse.com
|
||||
|
||||
- Fix incorrect variable name in usermod
|
||||
(shadow-usermod-variable.patch).
|
||||
- shadow-login_defs-comments.patch:
|
||||
* Drop SHA_CRYPT_*_ROUNDS that are in the upstream login.defs.
|
||||
* Add missing LASTLOG_UID_MAX.
|
||||
* Refresh shadow-login_defs-suse.patch.
|
||||
- Port shadow-login_defs-check.sh to match the current spec file
|
||||
and login.defs.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 25 15:27:15 CEST 2019 - kukuk@suse.de
|
||||
|
||||
- Provide "useradd_or_adduser_dep" for sysuser-shadow
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Jul 20 02:11:10 CEST 2019 - sbrabec@suse.com
|
||||
|
||||
- shadow-login_defs-suse.patch: Set ALWAYS_SET_PATH default to
|
||||
"yes" (bsc#353876#c7).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jul 19 10:19:44 UTC 2019 - sbrabec@suse.com
|
||||
|
||||
- Fix comment about patch in spec file
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jun 14 06:20:46 UTC 2019 - mvetter@suse.com
|
||||
|
||||
@ -59,7 +87,7 @@ Tue Apr 30 22:27:14 CEST 2019 - sbrabec@suse.com
|
||||
(bsc#1121197):
|
||||
* shadow-login_defs-unused-by-pam.patch
|
||||
* shadow-login_defs-comments.patch
|
||||
* shadow-login_defs-util-linux.patch
|
||||
* shadow-util-linux.patch
|
||||
* shadow-login_defs-suse.patch
|
||||
* Move appropriate hunks to chkname-regex.patch and
|
||||
encryption_method_nis.patch
|
||||
|
@ -12,7 +12,7 @@
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
@ -49,7 +49,7 @@ Patch4: useradd-default.patch
|
||||
Patch5: shadow-util-linux.patch
|
||||
# PATCH-FEATURE-FEDORA shadow-4.1.5.1-userdel-helpfix.patch christian.brauner@mailbox.org -- Give a hint about what happens when you force the removal of a user.
|
||||
Patch6: shadow-4.1.5.1-userdel-helpfix.patch
|
||||
# PATCH-FIX-FEDORA shadow-4.1.5.1-userdel-helpfix.patch kukuk@suse.com -- Fix error message.
|
||||
# PATCH-FIX-FEDORA shadow-4.1.5.1-logmsg.patch kukuk@suse.com -- Fix error message.
|
||||
Patch7: shadow-4.1.5.1-logmsg.patch
|
||||
# PATCH-FEATURE-SUSE encryption_method_nis.patch kukuk@suse.com -- Add support for ENCRYPT_METHOD_NIS used by SUSE patch in pam (pam_unix).
|
||||
Patch10: encryption_method_nis.patch
|
||||
@ -59,6 +59,8 @@ Patch13: shadow-login_defs-comments.patch
|
||||
Patch14: shadow-login_defs-suse.patch
|
||||
# PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions.
|
||||
Patch20: disable_new_audit_function.patch
|
||||
# PATCH-FIX-UPSTREAM shadow-usermod-variable.patch https://github.com/shadow-maint/shadow/pull/170 sbrabec@suse.com -- Fix variable name.
|
||||
Patch21: shadow-usermod-variable.patch
|
||||
BuildRequires: audit-devel > 2.3
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
@ -82,6 +84,7 @@ Obsoletes: pwdutils <= 3.2.19
|
||||
# Call shadow-login_defs-check.sh before!
|
||||
Provides: login_defs-support-for-pam = 1.3.1
|
||||
Provides: login_defs-support-for-util-linux = 2.33.1
|
||||
Provides: useradd_or_adduser_dep
|
||||
|
||||
%description
|
||||
This package includes the necessary programs for converting plain
|
||||
@ -104,6 +107,7 @@ group accounts.
|
||||
%if 0%{?suse_version} < 1330
|
||||
%patch20 -p1
|
||||
%endif
|
||||
%patch21 -p1
|
||||
|
||||
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
||||
mv -v doc/HOWTO.utf8 doc/HOWTO
|
||||
|
Loading…
Reference in New Issue
Block a user